Website and Password Hacks
A recent news article in the New York Times outlines how a group of Russian hackers have amassed more than 1.2 billion username and password combinations and over 500 million email addresses (source). (*UPDATE – SEPT 2014) They’ve now made the data public and setup this website where you can enter your email address to see if you were on that list. The point is that if you use email either personally or for your business, or if you have a website that requires a username and password to login and edit content – then you should be practicing safe website and password security.
What is Safe Website and Password Security?
I’m glad you asked. Safe website and password security is the practice of regularly changing your passwords on anything that’s important to you (and your email and website content should be important to you). Once you understand the benefits and make the leap, news like this won’t raise the slightest bit of panic for you. Instead you’ll be laughing to yourself and thinking, “not today, hackers!”
Here’s the idea: Regardless of whether its a Russian gang that has made the news or someone you’ve never heard of, your email and website are susceptible to hackers all the time. We run security plugins that report hacking attempts on all our websites and I can tell you from experience that not long after a website goes live, hackers are zeroing in on it and trying every trick they know to slip in the back door. Those tricks often consist of brute force login attempts using the most common usernames and passwords.
It makes sense then that you move past the easy approach of one simple password that you use over and over, everywhere you possibly can, and instead begin adopting better website and password security practices.
Here are some great tips and advice from Google. One of the most important things that they say is that passwords should be easily remembered by you but not by other people. That is an important key because trying to remember some obscure mix of letters, numbers and symbols is going to be impossible. But deriving complex and secure passwords from things that you already easily remember is the key to making great passwords that are unique to you. I frequently use word combinations, events or even people that I know as the basis for my passwords. So they end up making sense to me but no one else would ever think of them.
I would also recommend you add one simple step to what they outline. Change your passwords regularly. Just add something to your calendar that reminds you its time to update your passwords and in a few minutes you can edit the few that you use and send the hoards of hackers on their way.
Another great option ( if you have a lot of websites or a lot of passwords) is to use some password software. I’ve used LastPass both at work and at home for a number of years and would highly recommend it. It is free for personal use but even if you upgrade to the premium edition – its well worth the cost. Another couple of options you might want to try out are 1Password ( for Macs) or KeyPass (For PCs). But beware. Hackers can hack your password software as well – so you will still need to practice safe password security with your master password. These programs just makes it a little easier to track all those passwords you have floating around out there.
The hardest part of all this won’t be deriving new passwords or changing them frequently. It will be changing your mindset about whether it is a worthwhile investment of your time. I think it is – but there are a gang of Russians out there who would disagree with me.